Basic Steps to integrate Linux LDAP client with AD....kerberos and SASL issues/confusion
Bill Pappas
bill.pappas at STJUDE.ORG
Sat Jul 24 15:02:31 EDT 2004
On Thu, 2004-07-22 at 13:59, Bill Pappas wrote:
> Hello. Is there a complete set of instructions for using MIT kerberos
> with SASL and Active Directory?
>
> I want to authenticate using kerberos. I want to be able to search the
> LDAP server using an encrypted password when I binddn. I can do
> searches in clear text, but this is not suitable.
>
> But in the end, I really want to extend AD (via MS Services for Unix
> which would extend the AD schema for NIS mapping) and modify my ldap
> client (via nss and pam libraries) to use a common userid for all
> platforms. Upon modifying the client, for example, I could ssh or even
> log on the console of the client with my AD user. If I were to type (on
> the client) getent passwd | grep username, I'd get the sAMAccountName,
> a unix UID/GID which was assigned via SFS's extending the AD schema.
>
> My problem is finding a clear procedure that is up to date and
> complete. I'm clueless on how SASL interacts with Kerberos (if it
> does).
>
> Any help would be appreciated.
>
>
>
> LDAP Client:
> RedHat AS 3.0
> openldap-2.2.13
> MIT krb5-1.3.4
> cyrus-sasl-plain-2.1.15-3
> cyrus-sasl-md5-2.1.15-3
> cyrus-sasl-gssapi-2.1.15-3
> cyrus-sasl-2.1.15-3
> cyrus-sasl-devel-2.1.15-3
>
> LDAP Server:
> Active Directory (loosely based on LDAP) Windows 2000
>
--
Thanks,
Bill Pappas
Systems Integration Engineer
St. Jude Children's Research Hospital
Department: Hartwell Center
Phone: 901.495.4549
Fax: 901.495.2945